CVE-2016-4994 - Use After Free vulnerability in Gimp
Attack vector: LOCAL
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH
Summary
Use-after-free vulnerability in the xcf_load_image function in app/xcf/xcf-load.c in GIMP allows remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a crafted XCF file.
Nessus
NASL family: Fedora Local Security Checks
NASL id: FEDORA_2016-ACBD6A75F3.NASL
description: Security fix for CVE-2016-4994. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-05
modified: 2016-07-18
plugin id: 92332
published: 2016-07-18
reporter: This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/92332
title: Fedora 22 : 2:gimp (2016-acbd6a75f3)

NASL family: Huawei Local Security Checks
NASL id: EULEROS_SA-2019-2021.NASL
description: According to the versions of the gimp packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :
- Multiple use-after-free vulnerabilities were found in GIMP in the channel and layer properties parsing process when loading XCF files. An attacker could create a specially crafted XCF file which could cause GIMP to crash. (CVE-2016-4994)
- GIMP through 2.10.2 makes g_get_tmp_dir calls to establish temporary filenames, which may result in a filename that already exists, as demonstrated by the gimp_write_and_read_file function in app/tests/test-xcf.c. This might be leveraged by attackers to overwrite files or read file content that was intended to be private. (CVE-2018-12713)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-05-08
modified: 2019-09-24
plugin id: 129214
published: 2019-09-24
reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/129214
title: EulerOS 2.0 SP3 : gimp (EulerOS-SA-2019-2021)

NASL family: Scientific Linux Local Security Checks
NASL id: SL_20161103_GIMP_ON_SL7_X.NASL
description: The following packages have been upgraded to a newer upstream version: gimp (2.8.16), gimp-help (2.8.2). Security Fix(es) :
- Multiple use-after-free vulnerabilities were found in GIMP in the channel and layer properties parsing process when loading XCF files. An attacker could create a specially crafted XCF file which could cause GIMP to crash. (CVE-2016-4994)
Additional Changes :
last seen: 2020-03-18
modified: 2016-12-15
plugin id: 95839
published: 2016-12-15
reporter: This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/95839
title: Scientific Linux Security Update : gimp on SL7.x x86_64 (20161103)

NASL family: Huawei Local Security Checks
NASL id: EULEROS_SA-2016-1075.NASL
description: According to the version of the gimp gimp-help packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :
- Multiple use-after-free vulnerabilities were found in GIMP in the channel and layer properties parsing process when loading XCF files. An attacker could create a specially crafted XCF file which could cause GIMP to crash. (CVE-2016-4994)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-05-06
modified: 2017-05-01
plugin id: 99835
published: 2017-05-01
reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/99835
title: Checks the rpm output for the updated package.

NASL family: Oracle Linux Local Security Checks
NASL id: ORACLELINUX_ELSA-2016-2589.NASL
description: From Red Hat Security Advisory 2016:2589 : An update for gimp and gimp-help is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The GIMP (GNU Image Manipulation Program) is an image composition and editing program. GIMP provides a large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all with multi-level undo. The following packages have been upgraded to a newer upstream version: gimp (2.8.16), gimp-help (2.8.2). (BZ#1298226, BZ#1370595) Security Fix(es) :
* Multiple use-after-free vulnerabilities were found in GIMP in the channel and layer properties parsing process when loading XCF files. An attacker could create a specially crafted XCF file which could cause GIMP to crash. (CVE-2016-4994)
Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 94710
published: 2016-11-11
reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/94710
title: Oracle Linux 7 : gimp (ELSA-2016-2589)

NASL family: SuSE Local Security Checks
NASL id: SUSE_SU-2016-1962-1.NASL
description: gimp was updated to fix one security issue. This security issue was fixed :
- CVE-2016-4994: Use-after-free vulnerabilities in the channel and layer properties parsing process (bsc#986021).
Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 93190
published: 2016-08-29
reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/93190
title: SUSE SLED12 Security Update : gimp (SUSE-SU-2016:1962-1)

NASL family: CentOS Local Security Checks
NASL id: CENTOS_RHSA-2016-2589.NASL
description: An update for gimp and gimp-help is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The GIMP (GNU Image Manipulation Program) is an image composition and editing program. GIMP provides a large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all with multi-level undo. The following packages have been upgraded to a newer upstream version: gimp (2.8.16), gimp-help (2.8.2). (BZ#1298226, BZ#1370595) Security Fix(es) :
* Multiple use-after-free vulnerabilities were found in GIMP in the channel and layer properties parsing process when loading XCF files. An attacker could create a specially crafted XCF file which could cause GIMP to crash. (CVE-2016-4994)
Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 95335
published: 2016-11-28
reporter: This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/95335
title: CentOS 7 : gimp / gimp-help (CESA-2016:2589)

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2016-2589.NASL
description: An update for gimp and gimp-help is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The GIMP (GNU Image Manipulation Program) is an image composition and editing program. GIMP provides a large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all with multi-level undo. The following packages have been upgraded to a newer upstream version: gimp (2.8.16), gimp-help (2.8.2). (BZ#1298226, BZ#1370595) Security Fix(es) :
* Multiple use-after-free vulnerabilities were found in GIMP in the channel and layer properties parsing process when loading XCF files. An attacker could create a specially crafted XCF file which could cause GIMP to crash. (CVE-2016-4994)
Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 94552
published: 2016-11-04
reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/94552
title: RHEL 7 : gimp (RHSA-2016:2589)

NASL family: Debian Local Security Checks
NASL id: DEBIAN_DSA-3612.NASL
description: Shmuel H discovered that GIMP, the GNU Image Manipulation Program, is prone to a use-after-free vulnerability in the channel and layer properties parsing process when loading a XCF file. An attacker can take advantage of this flaw to potentially execute arbitrary code with the privileges of the user running GIMP if a specially crafted XCF file is processed.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 91923
published: 2016-07-05
reporter: This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/91923
title: Debian DSA-3612-1 : gimp - security update

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2016-6122983949.NASL
description: Security fix for CVE-2016-4994. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-05
modified: 2016-07-15
plugin id: 92253
published: 2016-07-15
reporter: This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/92253
title: Fedora 24 : 2:gimp (2016-6122983949)

NASL family: Slackware Local Security Checks
NASL id: SLACKWARE_SSA_2016-203-01.NASL
description: New gimp packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 92498
published: 2016-07-22
reporter: This script is Copyright (C) 2016 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/92498
title: Slackware 14.0 / 14.1 / 14.2 / current : gimp (SSA:2016-203-01)

NASL family: FreeBSD Local Security Checks
NASL id: FREEBSD_PKG_6FB8A90FC9D54D14B940AED3D63C2EDC.NASL
description: The GIMP team reports : A Use-after-free vulnerability was found in the xcf_load_image function.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 92651
published: 2016-08-01
reporter: This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/92651
title: FreeBSD : The GIMP -- Use after Free vulnerability (6fb8a90f-c9d5-4d14-b940-aed3d63c2edc)

NASL family: SuSE Local Security Checks
NASL id: OPENSUSE-2016-822.NASL
description: gimp was updated to version 2.8.16 to fix one security issue. This security issue was fixed : - CVE-2016-4994: Use-after-free vulnerabilities in the channel and layer properties parsing process (bsc#986021). This non-security issues were fixed : - Core : - Seek much less when writing XCF - Don
last seen: 2020-06-05
modified: 2016-07-05
plugin id: 91942
published: 2016-07-05
reporter: This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/91942
title: openSUSE Security Update : gimp (openSUSE-2016-822)

NASL family: Huawei Local Security Checks
NASL id: EULEROS_SA-2019-2471.NASL
description: According to the version of the gimp packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :
- Use-after-free vulnerability in the xcf_load_image function in app/xcf/xcf-load.c in GIMP allows remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a crafted XCF file. (CVE-2016-4994)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-05-08
modified: 2019-12-04
plugin id: 131624
published: 2019-12-04
reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/131624
title: EulerOS 2.0 SP2 : gimp (EulerOS-SA-2019-2471)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2016-20DB5E796B.NASL
description: Security fix for CVE-2016-4994. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-05
modified: 2016-07-15
plugin id: 92233
published: 2016-07-15
reporter: This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/92233
title: Fedora 23 : 2:gimp (2016-20db5e796b)

NASL family: Ubuntu Local Security Checks
NASL id: UBUNTU_USN-3025-1.NASL
description: It was discovered that GIMP incorrectly handled malformed XCF files. If a user were tricked into opening a specially crafted XCF file, an attacker could cause GIMP to crash, or possibly execute arbitrary code with the user
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 91955
published: 2016-07-06
reporter: Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/91955
title: Ubuntu 12.04 LTS / 14.04 LTS / 15.10 : gimp vulnerability (USN-3025-1)

NASL family: Debian Local Security Checks
NASL id: DEBIAN_DLA-525.NASL
description: It was discovered that there was a use-after-free vulnerability in the channel and layer properties parsing process in Gimp, the GNU Image Manipulation Program. For Debian 7
last seen: 2020-03-17
modified: 2016-06-27
plugin id: 91831
published: 2016-06-27
reporter: This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/91831
title: Debian DLA-525-1 : gimp security update
References
- http://lists.opensuse.org/opensuse-updates/2016-07/msg00005.html
- http://www.debian.org/security/2016/dsa-3612
- http://www.ubuntu.com/usn/USN-3025-1
- https://bugzilla.gnome.org/show_bug.cgi?id=767873
- https://git.gnome.org/browse/gimp/commit/?id=e82aaa4b4ee0703c879e35ea9321fff6be3e9b6f
- http://www.securitytracker.com/id/1036226
- http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.431987
- http://www.securityfocus.com/bid/91425
- http://rhn.redhat.com/errata/RHSA-2016-2589.html